If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

New study: spyware barely touches Firefox...

...may as well stir the pot this a.m. Some interesting finds by a couple of profs out of Uof W.

"...1.6 percent of the domains infected the first IE configuration, the one mimicking a naive user blithely clicking 'Yes;' about a third as many domains (0.6 percent) did drive-by downloads by planting spyware even when the user rejected the installations.

In the same kind of configurations, Firefox survived relatively unscathed. Only .09 percent of domains infected the Mozilla Corp. browser when it was set, like IE, to act as if the user clicked through security dialogs; no domain managed to infect the Firefox-equipped PC in a drive-by download attack."

OK, I mostly use Mozilla for day to day stuff on most of my machines. It is IMO more secure "out of the box", but only at this moment in time. It is really "security through obscurity" in a lot of cases, as a lot of undesirable stuff is still IE/Windows specific because of their dominance in the marketplace.

Now, you can harden Windows and IE, that I will not deny. What I will say that FireFox with the "noscript" and "adblock" plug-ins, and no ActiveX, is probably easier for an inexperienced user to handle and give them better protection. After all, it will automatically block scripts, and it is very easy to allow a particular site permanently or on a per session basis.

Sure you can do the same sort of thing in IE, it just happens to be rather more "involved" to achieve it. I would have no problem with that, other than it might be rather too much for "Granny" to handle?

I guess that in this area I take the "herd" or "anthill" attitude.............."if one of us has a problem, we all have a problem", so, I would feel a lot happier if the illiterates didn't get infected either

As for the article, unfortunately, the link does not work, so I could not comment on the statistical significances of the results.

One comment I would make If I set IE to block everything, it will, just like Mozilla. If I set it to "prompt" then it will do just that.................so if the user is assumed to say "yes" to everything, then you might as well have set it to "allow" in the first place. That is CHEATING

/ me, pulls out whistle, notebook and yellow card............that was a foul!

FireFox will block unless you proactively tell it otherwise, so it would pass the "dumb user" test with flying colours.

Just my £0.02

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

Why spend the time and energy config'ing IE? ActiveX isn't ALL bad. Comes in handy for online AV scans and other stuff like camera viewers. I installed a Samsung camera system for a client, patched it thru his router on port 80 so he could do remote viewing, only to run into beaucoup problemos trying to view them via IE under XP SP2 and its security settings. Apparently Samsung wrote an applet that wasn't trusted by IE running under SP2 (the thing ran fine on IE6 under Win98). I finally got SP2's archaic IE settings properly toggled to run an untrusted ActiveX applet, but wasn't comfortable leaving the client more open to hacks. But that's what it took to make it work, and making this stuff work is what I get paid to do.

I still say it's far better to run Firefox as your default browser, leave IE settings where they are because there's legit outfits out there writing apps for those default settings. You never know when you might need IE. Yar, I was even running IE under Crossover Office on my old Xandros box. I used to like to go to M$ Updates with the Xandros machine just to see what would happen.

Did I ever tell y'all I was an anarchist is one of my past lives? Glad I got over that...

IE is designed, for better or worse, to be a command shell for
the OS, and not merely a web browsing app. All of its problems are rooted
in this design philosophy. Because of this integration, it has an advantage over competitors
because features provided by activeX cannot be accessed by other peoples'
browsers. It is a brazen attempt to extend (violate) web standards to
freeze competitors out of the browser market.

They are hoping that users will be unable to conceptually distinguish
between the "browser" and the "desktop".

For those of us who remember using computers before there was
an internet, integration is just jargon, but for most users, there is
no distinction between "using the computer" and "going online".
They don't want to sacrifice the convenience of installing software
off a web page with one click.